From 700ed907824441d19dbd0c7e74cd19ef0f2fd133 Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 3 Nov 2025 06:32:17 +0200
Subject: [PATCH] azure: Avoid spurious changes in NetworkSecurityGroup

Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
---
 upup/pkg/fi/cloudup/azure/azure_utils.go       | 13 -------------
 .../cloudup/azuretasks/networksecuritygroup.go | 18 ++++++++----------
 2 files changed, 8 insertions(+), 23 deletions(-)

diff --git a/upup/pkg/fi/cloudup/azure/azure_utils.go b/upup/pkg/fi/cloudup/azure/azure_utils.go
index ad317d99b4eb6..ea55e7fb1bbfb 100644
--- a/upup/pkg/fi/cloudup/azure/azure_utils.go
+++ b/upup/pkg/fi/cloudup/azure/azure_utils.go
@@ -115,19 +115,6 @@ func (s *ApplicationSecurityGroupID) String() string {
 		s.ApplicationSecurityGroupName)
 }
 
-// ParseApplicationSecurityGroupID parses a given ApplicationSecurityGroup ID string and returns a ApplicationSecurityGroup ID.
-func ParseApplicationSecurityGroupID(s string) (*ApplicationSecurityGroupID, error) {
-	l := strings.Split(s, "/")
-	if len(l) != 9 {
-		return nil, fmt.Errorf("malformed format of ApplicationSecurityGroup ID: %s, %d", s, len(l))
-	}
-	return &ApplicationSecurityGroupID{
-		SubscriptionID:               l[2],
-		ResourceGroupName:            l[4],
-		ApplicationSecurityGroupName: l[8],
-	}, nil
-}
-
 // LoadBalancerID contains the resource ID/names required to construct a load balancer ID.
 type LoadBalancerID struct {
 	SubscriptionID    string
diff --git a/upup/pkg/fi/cloudup/azuretasks/networksecuritygroup.go b/upup/pkg/fi/cloudup/azuretasks/networksecuritygroup.go
index 2beac1b219b85..1e1d2d1f78a0e 100644
--- a/upup/pkg/fi/cloudup/azuretasks/networksecuritygroup.go
+++ b/upup/pkg/fi/cloudup/azuretasks/networksecuritygroup.go
@@ -18,7 +18,9 @@ package azuretasks
 
 import (
 	"context"
+	"strings"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
 	"k8s.io/klog/v2"
@@ -95,13 +97,11 @@ func (nsg *NetworkSecurityGroup) Find(c *fi.CloudupContext) (*NetworkSecurityGro
 		if len(rule.Properties.SourceApplicationSecurityGroups) > 0 {
 			var sasgs []*string
 			for _, sasg := range rule.Properties.SourceApplicationSecurityGroups {
-				asg, err := azure.ParseApplicationSecurityGroupID(*sasg.ID)
+				asg, err := arm.ParseResourceID(*sasg.ID)
 				if err != nil {
-					if err != nil {
-						return nil, err
-					}
+					return nil, err
 				}
-				sasgs = append(sasgs, &asg.ApplicationSecurityGroupName)
+				sasgs = append(sasgs, to.Ptr(strings.ToLower(asg.Name)))
 			}
 			nsr.SourceApplicationSecurityGroupNames = sasgs
 		}
@@ -111,13 +111,11 @@ func (nsg *NetworkSecurityGroup) Find(c *fi.CloudupContext) (*NetworkSecurityGro
 		if len(rule.Properties.DestinationApplicationSecurityGroups) > 0 {
 			var dasgs []*string
 			for _, dasg := range rule.Properties.DestinationApplicationSecurityGroups {
-				asg, err := azure.ParseApplicationSecurityGroupID(*dasg.ID)
+				asg, err := arm.ParseResourceID(*dasg.ID)
 				if err != nil {
-					if err != nil {
-						return nil, err
-					}
+					return nil, err
 				}
-				dasgs = append(dasgs, &asg.ApplicationSecurityGroupName)
+				dasgs = append(dasgs, to.Ptr(strings.ToLower(asg.Name)))
 			}
 			nsr.DestinationApplicationSecurityGroupNames = dasgs
 		}